A novel phishing campaign identified by Zimperium targets mobile users with malicious PDFs, impersonating USPS to steal credentials
Obsidian found that threat actors are focusing on SaaS applications to steal sensitive data, with most organizations' security measures not set up to deal with these attacks
By adopting the 'Zero Noise' approach—prioritizing attacker-focused detections, continuous feedback loops, and a 'no alert left behind' mentality—security teams can cut through cloud alert noise,...
In the past decade, Oracle Database (Oracle DB) has reigned supreme in the competitive arena of database engine popularity ranking as shown in Figure 1 and Figure 2. This pervasiveness has led...
As part of our ongoing mission to identify emerging threats to mobile security, our zLabs team has been actively tracking a phishing campaign impersonating the United States Postal Service (USPS)...
The European Union sanctioned three hackers, part of Unit 29155 of Russia's military intelligence service (GRU), for their involvement in cyberattacks targeting Estonia's government agencies in 2020. [...]
2025-01-22 • ESET Research • Facundo Muñoz • win.slowstepper
A previously unknown threat actor has been observed copying the tradecraft associated with the Kremlin-aligned Gamaredon hacking group in its cyber attacks targeting Russian-speaking entities. The...
For the latest discoveries in cyber research for the week of 27th January, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Stark Aerospace, a US-based manufacturer...
Windows 11 taskbar is testing a new feature that helps you understand the current power state of your laptop's battery, including showing the battery percentage directly on the taskbar. [...]
The Phemex crypto exchange suffered a massive security breach on Thursday where threat actors stole over $85 million worth of cryptocurrency. [...]
1Password’s top-tier security and sleek user interface make it a solid password manager to try this year. Read our hands-on 1Password review to learn more.
Threat hunters have detailed an ongoing campaign that leverages a malware loader called MintsLoader to distribute secondary payloads such as the StealC information stealer and a legitimate...
Microsoft reminded Microsoft 365 admins that its new brand impersonation protection feature for Teams Chat will be available for all customers by mid-February 2025. [...]
Members from the House Committee on Homeland Security have requested information on the U.S. Coast Guard’s actions to... The post US lawmakers sound alarm on COSCO SHIPPING’s national security...
The U.S. Senate voted 59-34 on Saturday to confirm Kristi Noem as the 8th Secretary of the Department... The post Kristi Noem takes over as Secretary of Homeland Security, confirmed in sweeping...
74% of CISOs plan to increase their cyber crisis simulation budgets in 2025
“Yahoo Boy” scammers are impersonating CNN and other news organizations to create videos that pressure victims into making blackmail payments.
A set of three distinct but related attacks, dubbed 'Clone2Leak,' can leak credentials by exploiting how Git and its credential helpers handle authentication requests. [...]
Critical security flaw in SonicWall SMA 1000 appliances (CVE-2025-23006) exploited as a zero-day. Rated CVSS 9.8, patch immediately…
A now-patched vulnerability could have enabled threat actors to remotely control Subaru cars
Change Healthcare has claimed 190 million customers were affected by a mega-breach last year
A hacker claims to be selling the data of 18.8 million TalkTalk customers, but the telecoms giant says this figure is ‘significantly overstated’
You must periodically review your cloud environments to remove old and unused resources because they can create security risks. But what is the right way to perform this task? Read on to learn...
This is a weekly threat intelligence report review from RST Cloud. This week, we analysed 59 threat intelligence reports and have summarized them along with the extracted relevant metadata. You...
2025-01-21 • Trend Micro • Leon Chang, Theo Chen • win.cobalt_strike, win.hemigate, win.shadowpad, win.snappybee, win.sparrow_door
This intrusion began near the end of January 2024 when the user downloaded and executed a file using the same name (setup_wm.exe) and executable icon, as …
2025-01-15 • 0x0d4y • 0x0d4y
As part of our ongoing mission to identify emerging threats to mobile security, our zLabs team shares how we can help protect you against fake SBI Reward banking trojan.